Facebook and Skype as Case Studies. Muhammad Khurram Khan, Editor. Department of Computer Science, Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, UPM Serdang, Selangor, Malaysia. The School of Computing, Science & Engineering, Newton Building, University of Salford, Salford, Greater Manchester, United Kingdom. Information Assurance Research Group, University of South Australia, Adelaide, South Australia, Australia. King Saud University, Kingdom of Saudi Arabia, SAUDI ARABIACompeting Interests: The authors have declared that no competing interests exist. Conceived and designed the experiments: TYY AD KKRC. Performed the experiments: TYY. Analyzed the data: TYY. Contributed reagents/materials/analysis tools: TYY AD KKRC. Wrote the paper: TYY AD KKRC ZM. Received 2. 01. 5 Dec 2. Accepted 2. 01. 6 Feb 1. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. This article has been cited by other articles in PMC. Abstract. Instant messaging (IM) has changed the way people communicate with each other. However, the interactive and instant nature of these applications (apps) made them an attractive choice for malicious cyber activities such as phishing. The forensic examination of IM apps for modern Windows 8. In this paper, we seek to determine the data remnants from the use of two popular Windows Store application software for instant messaging, namely Facebook and Skype on a Windows 8. Blackberry App World Download For Torch 9800 OsThis research contributes to an in- depth understanding of the types of terrestrial artefacts that are likely to remain after the use of instant messaging services and application software on a contemporary Windows operating system. Potential artefacts detected during the research include data relating to the installation or uninstallation of the instant messaging application software, log- in and log- off information, contact lists, conversations, and transferred files. Introduction. Instant messaging (IM) is popular with both traditional computing device users (i. According to the report of Radicati Group [1], the number of worldwide IM accounts (with the exception of mobile messaging) in 2. Similar to other popular consumer technologies, IM services have also been exploited to commit frauds and scams [2–4], disseminate malware [5], groom children online with the purpose of sexual exploitation [6–9] etc. The chat logs can provide a great deal of information of evidential value to investigators [1. Due to the increased user privacy requirements [1. IM service provider (ISP). The data are often protected by proprietary protocols, encryption, etc., making forensic practitioners virtually impossible to collect meaningful information from external network [1. Moreover, collecting data from a multi- tenancy environment may breach the data privacy policies of the ISPs [1. Even if the artefacts could be identified, the challenges are compounded by cross- jurisdictional investigations that may prohibit cross- border transfer of information [1. In the worst- case scenario, the ISPs may not even log the incriminating conversations to reduce traffic to the messaging servers [1. Depending on the IM application in use, the client device can often provide potential for alternative methods for recovery of the IM artefacts [2. In addition to addressing the possible issues in relation to evidence acquisition from the ISPs, the terrestrial artefacts can be useful in establishing whether a suspect has a direct connection to a crime, as the suspect may claim he/she is a victim of identity theft otherwise. While a practitioner should be cognisant of techniques of digital forensics, it is just as important to maintain an up- to- date understanding of the potential artefacts that are recoverable from different types of IM products. Hence, in this paper, we seek to identify potential terrestrial artefacts that may remain after the use of the popular Facebook and Skype Windows Store application software (henceforth the Store app) on a Windows 8. Similar to the approaches of Quick and Choo [2. What data remains on a Windows 8. Facebook app version 1. Skype app version 3. What data remains in Random Access Memory (RAM) after a user has used the above IM services or apps on a Windows 8. What data can be seen in network traffic? Findings from this research will contribute to the forensic community’s understanding of the types of terrestrial artefacts that are likely to remain after the use of IM services and apps on devices running the newer Windows operating system.
Thanks, I downloaded, unzipped ( that sounded strange), dragged to my Google Chrome, and BAM!! All's good with the world now. My blackberry 9780 can`t apload a profile picture and its been almost a week and I deleted some items but still.what can I do? The structure of this paper is as follows. Section 2 discusses the background and related work. Section 3 outlines the research methodology and experiment environment and setup. In Sections 4 to 6, we present and discuss the findings from the IM apps. We then conclude the paper and outline potential future research areas in the last section. Literature Review. A Windows Store app (formerly known as Metro app) mimics the touch- screen- friendly mobile apps, while retaining the traditional mouse and keyboard inputs [2. The installation is handled exclusively by the Windows Store, which bypasses the execution of executable files [2. The Store apps are licensed to Microsoft account, giving the users the right to install a same app on up to eighty- one different Windows 8 (or newer) desktop clients under the same login [2. The concept also enables the users to roam the app credentials (stored within the Credential Locker) between the corresponding devices [2. The Store apps are predominantly built on Windows Runtime. In addition to offering the developers a multi- language programming environment, the architecture isolates the apps from the file system for security and stability [2. The app itself is a package (. APPX file) that incorporates the app’s code, resources, libraries, and a manifest up to a combined limit of 8. GB [2. 6]. Each Store app is represented by a package ID, which is often denoted by the package name followed by its build version, the target platform, and the alphanumeric publisher identification (ID). The installation and application folders can be generally located in %Program Files%\Windows. Apps\[Package ID] and %localappdata%\packages\[Package ID] respectively [3. The application data, correspond to the app states [2. The ‘Local. State’ folder holds device- specific data typically loaded to support the app functionality, such as temporary files and caches, recently viewed items, and other behavioural settings. The ‘Roaming. State’ folder stores data shared between the same app running on multiple Windows devices under the same login. The data may include account configurations, favourites, game scores and progress, important URIs etc. Meanwhile, the ‘Temp. State’ folder houses data temporarily suspended or terminated from the memory for restoration purposes, such as page navigation history, unsaved form data etc. The application data persist throughout the lifetime of a Store app, with the exception of the temp data which may be subject to disk clean up [2. The application cache/data can be stored using caching mechanisms like HTML5 local storage and Indexed. DB (for Store apps written in HTML and Java. Script) as well as other third- party database options like SQLite [3. In the absence of encryption mechanism, the data can aid in reconstruction of user events such as cloud storage [2. Store app in use. Instant messaging has been the subject of numerous digital forensic studies since the mid 2. In a series of early works, Dickson identified that artefacts of the client- based American Online Messenger version 5. AIM) [1. 6], MSN Messenger version 7. Yahoo Messenger version 7. Trillian version 3. Windows XP machine. By applying keyword search, the author was able to recover portion of the conversation history from unstructured datasets such as memory dumps, slack space, free space, and swap files in plain text, even with the absence of chat logging. The findings were echoed by several others studies with respect to Digsby [3. Windows Live Messenger 8. Pidgin 2. 0 [4. 3]. However, Levendoski et al. Yahoo Messenger client produced a different directory structure on Windows Vista/7. Kiley et al. [1. 9] investigated web- based IM apps (i. Whats. App for Black. Berry. Whats. App for Black. Berry is available for download from this location. However, no valid Black. Berry browser has been detected. Please use your Black. Berry Browser when visiting this website. Set your "Browser Identification" to "Black. Berry" under Browser > Options > Browser Configuration > Browser: Internet Browser, save the settings and "Refresh" this page. NOTE: you can also download Whats. App Messenger from Black. Berry World. For the record, we detected your browser as: Mozilla/5. Windows NT 6. 2; WOW6. Apple. Web. Kit/5. KHTML, like Gecko) Chrome/4. Safari/5. 37. 3. 6.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |